Question

Computer removal in AD

I want to do some housecleaning in AD, and I want to remove any old computer names from the computers list in AD. I can't find anything that does this automatically, so I was thinking I could do this when no one is working...

Turn all computers on the domain off, then delete them from AD. If my assumptions are right, AD would then repopulate itself as I turned the computers back on... Right?

I don't really care about permissions I had assigned the computers already, as I understand this would be like a new computer to AD...

All Answers

audit

If you audit properly, you can determine which computer names have not been logged into in like 4-6 months or something. These would be the safer bets to remove. You should also take into consideration that people take leave or extended absence, and some of these systems may still be needed to work upon return.

And to mention, if they use remote access, the names may not show up on the audits unless they are audited as well. What you should avoid is to remove names of active computers, especially if they are on travel, home workers, absence, etc. Well, unless you are trying to create helpdesk calls.
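One way to run the audit described in the answer above, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the 180-day threshold, the quarantine OU and the CSV file name are placeholders chosen for illustration.

```powershell
# Added example: find enabled computer accounts with no recent domain activity,
# write a report, then preview disabling them instead of deleting them.
Import-Module ActiveDirectory

$StaleDays    = 180                                      # assumed threshold (about 6 months)
$QuarantineOU = 'OU=Stale Computers,DC=example,DC=com'   # hypothetical OU, adjust to your domain
$cutoff       = (Get-Date).AddDays(-$StaleDays)

# LastLogonDate is derived from lastLogonTimestamp, which replicates with up to
# about 14 days of lag by default, so keep the threshold well above that.
# PasswordLastSet is a second signal: a machine that still reaches a domain
# controller (for example over VPN) normally rotates its account password.
$stale = Get-ADComputer -Filter 'Enabled -eq $true' `
            -Properties LastLogonDate, PasswordLastSet, whenCreated, OperatingSystem |
    Where-Object {
        # Skip accounts created recently (pre-staged, never logged on yet)
        ($_.whenCreated -lt $cutoff) -and
        ($null -eq $_.LastLogonDate   -or $_.LastLogonDate   -lt $cutoff) -and
        ($null -eq $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff)
    }

# Report for review; check it against leave, travel and home-worker lists
$stale |
    Sort-Object LastLogonDate |
    Select-Object Name, DistinguishedName, OperatingSystem, LastLogonDate, PasswordLastSet |
    Export-Csv -Path .\stale-computers.csv -NoTypeInformation

# Quarantine instead of delete: a disabled account keeps its SID and group
# memberships, and the original location is recorded so it can be moved back.
# -WhatIf only previews the changes; remove it after the report has been reviewed.
foreach ($c in $stale) {
    $note = "Disabled as stale on $(Get-Date -Format yyyy-MM-dd); was $($c.DistinguishedName)"
    Set-ADComputer    -Identity $c -Description $note -WhatIf
    Disable-ADAccount -Identity $c -WhatIf
    Move-ADObject     -Identity $c.DistinguishedName -TargetPath $QuarantineOU -WhatIf
}
```

A disabled account can be re-enabled and moved back to its original OU if its owner returns, which a deleted account cannot.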

As Cmiller points out, you will lose SIDs

if you delete the computer account. You will lose the computer's membership in specific OUs, which in turn will lose Group Policy settings for that OU that the computer was a member of, and other settings too numerous to mention.

No, the computer account is NOT recreated if you turn the computer off, delete the computer account, then turn the PC back on.

Since you ask, then you haven't done it before, so try it on a test computer first. Place a computer in an OU, apply a GPO to that OU. Then turn off the computer, delete the computer account. Turn the computer back on and see what happens. Look in the OU, see if the computer is there, look to see if GPOs were applied. Try logging on with that computer, see if you get a message that says there's no computer account listed in AD for the computer you're trying to log on with... etc.

But that would make for

Re-Adding all of the computers to the domain afterwards. Nobody logging in, etc..

You are just RUINING the FUN that they will have :^0

Here it is more strict, we don't actually have the ability (not being in IT) to re-add computers from the domain, and we have to add our own to it (through a utility website). So, we need to go to the website, create a name and wait for verification that it added, rename the computer, reboot, log in as an admin (don't forget to find out the admin PW first :0 ), and add the computer with our login info, and reboot again. Then we can log in to the computer with our account, and run a utility to auto-change the admin PW again. What a hassle, especially on a slow system on a slow as he** network.

What a convoluted process

Oh, it gets worse

If the computer isn't logged into the domain on-site at least every 60 days, the name gets auto-removed from the AD. This raises havoc for home users who have to show up on site a few times a year, anyone going on leave for 2+ months, etc. When they get back, they have a mess to deal with before they get to the mess that they already have from being absent.
